1 heat_template_version: pike
4 OpenStack controller node configured by Puppet.
10 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
12 ControllerExtraConfig:
15 Controller specific hiera configuration data to inject into the cluster.
20 A network mapped list of IPs to assign to Controllers in the following form:
22 "internal_api": ["a.b.c.d", "e.f.g.h"],
28 description: Set to True to enable debugging on all services.
32 description: Whether to deploy a LoadBalancer on the Controller
37 Additional hieradata to inject into the cluster, note that
38 ControllerExtraConfig takes precedence over ExtraConfig.
40 OvercloudControlFlavor:
41 description: Flavor for control nodes to request when deploying.
45 - custom_constraint: nova.flavor
48 default: overcloud-full
50 - custom_constraint: glance.image
52 default: 'REBUILD_PRESERVE_EPHEMERAL'
53 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
57 description: Name of an existing Nova key pair to enable SSH access to the instances
60 - custom_constraint: nova.keypair
61 NeutronPublicInterface:
63 description: What interface to bridge onto br-ex for network nodes.
67 description: Mapping of service_name -> network name. Typically set
68 via parameter_defaults in the resource registry.
72 description: Mapping of service endpoint -> protocol. Typically set
73 via parameter_defaults in the resource registry.
79 Setting to a previously unused value during stack-update will trigger
80 package update on all nodes
83 default: '' # Defaults to Heat created hostname
87 description: Optional mapping to override hostnames
88 NetworkDeploymentActions:
89 type: comma_delimited_list
91 Heat action when to apply network configuration changes
# Selects how the node fetches its software-config metadata from Heat. That
# metadata carries the deployment configs built in this template, so the
# channel and its credentials need the same protection as the data itself.
# With POLL_TEMP_URL the metadata sits behind a Swift TempURL, which is a
# bearer URL: anyone holding the URL can read it.
96 SoftwareConfigTransport:
97 default: POLL_SERVER_CFN
99 How the server should receive the metadata required for software configuration.
102 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
104 default: 'localdomain'
107 The DNS domain used for the hosts. This must match the
108 overcloud_domain_name configured on the undercloud.
# Role-specific and global Nova metadata. Further down, ServerMetadata,
# ControllerServerMetadata and ServiceMetadataSettings are listed together for
# the Controller server (presumably merged into its metadata -- the merge line
# is not visible in this listing). As the descriptions state, the result is
# readable through the Nova metadata API, i.e. by software running on the
# instance, so it is not a place for passwords, tokens or keys.
109 ControllerServerMetadata:
112 Extra properties or metadata passed to Nova for the created nodes in
113 the overcloud. It's accessible via the Nova metadata API. This option is
114 role-specific and is merged with the values given to the ServerMetadata
120 Extra properties or metadata passed to Nova for the created nodes in
121 the overcloud. It's accessible via the Nova metadata API. This applies to
122 all roles and is merged with a role-specific metadata parameter.
124 ControllerSchedulerHints:
126 description: Optional scheduler hints to pass to nova
128 ServiceConfigSettings:
132 type: comma_delimited_list
134 MonitoringSubscriptions:
135 type: comma_delimited_list
137 ServiceMetadataSettings:
# This parameter is referenced later as `command: {get_param: ConfigCommand}`
# next to the Controller server resource. Per the description it runs whenever
# configuration data changes, so whoever can override it through an
# environment file chooses a command that runs on the node. Restrict and
# review changes to it like any other privileged setting.
142 description: Command which will be run whenever configuration data changes
143 default: os-refresh-config --timeout 14400
148 Maximum amount of time to possibly delay configuration collection
149 polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
150 the configuration collection to occur as soon as the collection process
151 starts. This setting is used to prevent the configuration collection
152 processes from polling all at the exact same time.
156 Command or script snippet to run on all overcloud nodes to
157 initialize the upgrade process. E.g. a repository switch.
159 UpgradeInitCommonCommand:
162 Common commands required by the upgrades process. This should not
163 normally be modified by the operator and is set and unset in the
164 major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
167 DeploymentServerBlacklistDict:
171 Map of server hostnames to blacklist from any triggered
172 deployments. If the value is 1, the server will be blacklisted. This
173 parameter is generated from the parent template.
176 description: Role Specific Parameters
181 description: Do not use deprecated params, they will be removed.
183 - controllerExtraConfig
# Condition built from this node's Hostname looked up in
# DeploymentServerBlacklistDict (per that parameter's description, a value of
# 1 means blacklisted). NOTE(review): the comparison lines are missing from
# this listing -- confirm the exact test. The deployment resources in this
# template list this condition next to their CREATE/UPDATE actions, so a
# blacklisted node presumably receives none of those deployments; track such
# nodes so they do not silently miss configuration and package updates.
186 server_not_blacklisted:
189 - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
196 type: OS::TripleO::ControllerServer
199 command: {get_param: ConfigCommand}
200 splay: {get_param: ConfigCollectSplay}
202 image: {get_param: controllerImage}
203 image_update_policy: {get_param: ImageUpdatePolicy}
204 flavor: {get_param: OvercloudControlFlavor}
205 key_name: {get_param: KeyName}
208 user_data_format: SOFTWARE_CONFIG
209 user_data: {get_resource: UserData}
212 template: {get_param: Hostname}
213 params: {get_param: HostnameMap}
214 software_config_transport: {get_param: SoftwareConfigTransport}
217 - {get_param: ServerMetadata}
218 - {get_param: ControllerServerMetadata}
219 - {get_param: ServiceMetadataSettings}
220 scheduler_hints: {get_param: ControllerSchedulerHints}
222 # Combine the NodeAdminUserData and NodeUserData mime archives
224 type: OS::Heat::MultipartMime
227 - config: {get_resource: NodeAdminUserData}
229 - config: {get_resource: NodeUserData}
231 - config: {get_resource: RoleUserData}
234 # Creates the "heat-admin" user if configured via the environment
235 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
237 type: OS::TripleO::NodeAdminUserData
239 # For optional operator additional userdata
240 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
242 type: OS::TripleO::NodeUserData
244 # For optional operator role-specific userdata
245 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
247 type: OS::TripleO::Controller::NodeUserData
250 type: OS::TripleO::Controller::Ports::ExternalPort
252 IPPool: {get_param: ControllerIPs}
253 NodeIndex: {get_param: NodeIndex}
254 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
257 type: OS::TripleO::Controller::Ports::InternalApiPort
259 IPPool: {get_param: ControllerIPs}
260 NodeIndex: {get_param: NodeIndex}
261 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
264 type: OS::TripleO::Controller::Ports::StoragePort
266 IPPool: {get_param: ControllerIPs}
267 NodeIndex: {get_param: NodeIndex}
268 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
271 type: OS::TripleO::Controller::Ports::StorageMgmtPort
273 IPPool: {get_param: ControllerIPs}
274 NodeIndex: {get_param: NodeIndex}
275 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
278 type: OS::TripleO::Controller::Ports::TenantPort
280 IPPool: {get_param: ControllerIPs}
281 NodeIndex: {get_param: NodeIndex}
282 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
285 type: OS::TripleO::Controller::Ports::ManagementPort
287 IPPool: {get_param: ControllerIPs}
288 NodeIndex: {get_param: NodeIndex}
289 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
292 type: OS::TripleO::Network::Ports::NetIpMap
294 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
295 ExternalIp: {get_attr: [ExternalPort, ip_address]}
296 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
297 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
298 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
299 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
300 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
301 StorageIp: {get_attr: [StoragePort, ip_address]}
302 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
303 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
304 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
305 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
306 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
307 TenantIp: {get_attr: [TenantPort, ip_address]}
308 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
309 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
310 ManagementIp: {get_attr: [ManagementPort, ip_address]}
311 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
312 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
315 type: OS::Heat::Value
323 - - {get_attr: [Controller, name]}
325 - {get_param: CloudDomain}
329 - - {get_attr: [Controller, name]}
335 - - {get_attr: [Controller, name]}
337 - {get_param: CloudDomain}
341 - - {get_attr: [Controller, name]}
347 - - {get_attr: [Controller, name]}
349 - {get_param: CloudDomain}
353 - - {get_attr: [Controller, name]}
359 - - {get_attr: [Controller, name]}
361 - {get_param: CloudDomain}
365 - - {get_attr: [Controller, name]}
371 - - {get_attr: [Controller, name]}
373 - {get_param: CloudDomain}
377 - - {get_attr: [Controller, name]}
383 - - {get_attr: [Controller, name]}
385 - {get_param: CloudDomain}
389 - - {get_attr: [Controller, name]}
395 - - {get_attr: [Controller, name]}
397 - {get_param: CloudDomain}
401 - - {get_attr: [Controller, name]}
405 type: OS::TripleO::Controller::PreNetworkConfig
407 server: {get_resource: Controller}
408 RoleParameters: {get_param: RoleParameters}
409 deployment_actions: {get_attr: [DeploymentActions, value]}
412 type: OS::TripleO::Controller::Net::SoftwareConfig
414 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
415 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
416 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
417 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
418 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
419 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
420 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
423 type: OS::TripleO::SoftwareDeployment
424 depends_on: PreNetworkConfig
426 name: NetworkDeployment
427 config: {get_resource: NetworkConfig}
428 server: {get_resource: Controller}
431 - server_not_blacklisted
432 - {get_param: NetworkDeploymentActions}
436 interface_name: {get_param: NeutronPublicInterface}
# Ordering: the CA data is applied after NetworkDeployment, and the node
# key/certificate data only after the CA data.
438 # Resource for site-specific injection of root certificate
440 depends_on: NetworkDeployment
441 type: OS::TripleO::NodeTLSCAData
443 server: {get_resource: Controller}
# NOTE(review): the implementation is whatever template the resource registry
# maps to OS::TripleO::NodeTLSData; it is not shown here. Because it passes
# private keys through Heat, confirm that the parameter holding the key is
# declared hidden and that access to stack parameters and the Heat database is
# restricted accordingly.
445 # Resource for site-specific passing of private keys/certificates
447 depends_on: NodeTLSCAData
448 type: OS::TripleO::NodeTLSData
450 server: {get_resource: Controller}
451 NodeIndex: {get_param: NodeIndex}
# Builds the upgrade-init script from four pieces: a bash shebang, a fixed
# cleanup of /etc/resolv.conf.save, then UpgradeInitCommand and
# UpgradeInitCommonCommand inserted as-is. NOTE(review): the joining function
# and the config group are on lines missing from this listing. No validation
# or quoting of the two parameters is visible, so their text becomes script
# content that is deployed to the node; treat write access to these
# parameters as command execution on every controller.
453 ControllerUpgradeInitConfig:
454 type: OS::Heat::SoftwareConfig
460 - - "#!/bin/bash\n\n"
461 - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
462 - get_param: UpgradeInitCommand
463 - get_param: UpgradeInitCommonCommand
465 # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
466 # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
# Applies ControllerUpgradeInitConfig to the Controller server once
# NetworkDeployment has finished. The CREATE/UPDATE list sits next to
# server_not_blacklisted, presumably as the branches of a conditional actions
# value -- confirm against the full template. Because the deployment is not
# conditional on the command being non-empty (see the note above), the
# generated script is delivered on every create and update.
467 ControllerUpgradeInitDeployment:
468 type: OS::Heat::SoftwareDeployment
469 depends_on: NetworkDeployment
471 name: ControllerUpgradeInitDeployment
474 - server_not_blacklisted
475 - ['CREATE', 'UPDATE']
477 server: {get_resource: Controller}
478 config: {get_resource: ControllerUpgradeInitConfig}
480 ControllerDeployment:
481 type: OS::TripleO::SoftwareDeployment
482 depends_on: ControllerUpgradeInitDeployment
484 name: ControllerDeployment
487 - server_not_blacklisted
488 - ['CREATE', 'UPDATE']
490 config: {get_resource: ControllerConfig}
491 server: {get_resource: Controller}
493 bootstack_nodeid: {get_attr: [Controller, name]}
494 enable_load_balancer: {get_param: EnableLoadBalancer}
495 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
497 # Map heat metadata into hiera datafiles
499 type: OS::Heat::StructuredConfig
505 - heat_config_%{::deploy_config_name}
507 - controller_extraconfig
512 - bootstrap_node # provided by BootstrapNodeConfig
513 - all_nodes # provided by allNodesConfig
514 - vip_data # provided by allNodesConfig
516 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
517 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
518 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
519 - midonet_data #Optionally provided by AllNodesExtraConfig
520 - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
521 merge_behavior: deeper
524 service_names: {get_param: ServiceNames}
525 sensu::subscriptions: {get_param: MonitoringSubscriptions}
528 - {get_param: ServiceConfigSettings}
529 - values: {get_attr: [NetIpMap, net_ip_map]}
530 controller_extraconfig:
532 - {get_param: controllerExtraConfig}
533 - {get_param: ControllerExtraConfig}
534 extraconfig: {get_param: ExtraConfig}
536 # data supplied directly to this deployment configuration, etc
537 bootstack_nodeid: {get_input: bootstack_nodeid}
539 enable_load_balancer: {get_input: enable_load_balancer}
542 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
543 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
544 fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
545 fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
546 fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
547 fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
548 fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
549 fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
550 fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
552 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
553 ControllerExtraConfigPre:
554 depends_on: ControllerDeployment
555 type: OS::TripleO::ControllerExtraConfigPre
556 # We have to use conditions here so that we don't break backwards
557 # compatibility with templates everywhere
558 condition: server_not_blacklisted
560 server: {get_resource: Controller}
562 # Hook for site-specific additional pre-deployment config,
563 # applying to all nodes, e.g node registration/unregistration
565 depends_on: [ControllerExtraConfigPre, NodeTLSData]
566 type: OS::TripleO::NodeExtraConfig
567 # We have to use conditions here so that we don't break backwards
568 # compatibility with templates everywhere
569 condition: server_not_blacklisted
571 server: {get_resource: Controller}
574 type: OS::TripleO::Tasks::PackageUpdate
577 type: OS::Heat::SoftwareDeployment
578 depends_on: NetworkDeployment
580 name: UpdateDeployment
583 - server_not_blacklisted
584 - ['CREATE', 'UPDATE']
586 config: {get_resource: UpdateConfig}
587 server: {get_resource: Controller}
590 get_param: UpdateIdentifier
593 type: OS::Heat::Value
597 - server_not_blacklisted
598 - ['CREATE', 'UPDATE']
# Collects the node's SSH host public key after ControllerDeployment. The
# known-hosts output of this template reads only the `ecdsa` attribute of
# SshHostPubKey, so clients that consume that entry pin the ECDSA host key
# alone. NOTE(review): the key is reported back through the Heat deployment
# channel, so the resulting known-hosts entry is only as trustworthy as that
# channel.
602 type: OS::TripleO::Ssh::HostPubKey
603 depends_on: ControllerDeployment
605 server: {get_resource: Controller}
606 deployment_actions: {get_attr: [DeploymentActions, value]}
610 description: IP address of the server in the ctlplane network
611 value: {get_attr: [Controller, networks, ctlplane, 0]}
613 description: IP address of the server in the external network
614 value: {get_attr: [ExternalPort, ip_address]}
615 internal_api_ip_address:
616 description: IP address of the server in the internal_api network
617 value: {get_attr: [InternalApiPort, ip_address]}
619 description: IP address of the server in the storage network
620 value: {get_attr: [StoragePort, ip_address]}
621 storage_mgmt_ip_address:
622 description: IP address of the server in the storage_mgmt network
623 value: {get_attr: [StorageMgmtPort, ip_address]}
625 description: IP address of the server in the tenant network
626 value: {get_attr: [TenantPort, ip_address]}
627 management_ip_address:
628 description: IP address of the server in the management network
629 value: {get_attr: [ManagementPort, ip_address]}
631 description: Hostname of the server
632 value: {get_attr: [Controller, name]}
634 description: Mapping of network names to hostnames
636 external: {get_attr: [NetHostMap, value, external, fqdn]}
637 internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
638 storage: {get_attr: [NetHostMap, value, storage, fqdn]}
639 storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
640 tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
641 management: {get_attr: [NetHostMap, value, management, fqdn]}
642 ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
645 Server's IP address and hostname in the /etc/hosts format
649 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
650 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
651 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
652 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
653 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
654 TENANTIP TENANTHOST.DOMAIN TENANTHOST
655 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
656 CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
658 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
659 DOMAIN: {get_param: CloudDomain}
660 PRIMARYHOST: {get_attr: [Controller, name]}
661 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
662 EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
663 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
664 INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
665 STORAGEIP: {get_attr: [StoragePort, ip_address]}
666 STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
667 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
668 STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
669 TENANTIP: {get_attr: [TenantPort, ip_address]}
670 TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
671 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
672 MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
673 CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
674 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
676 description: Entry for ssh known hosts
679 template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
680 EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
681 INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
682 STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
683 STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
684 TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
685 MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
686 CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
688 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
689 DOMAIN: {get_param: CloudDomain}
690 PRIMARYHOST: {get_attr: [Controller, name]}
691 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
692 EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
693 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
694 INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
695 STORAGEIP: {get_attr: [StoragePort, ip_address]}
696 STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
697 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
698 STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
699 TENANTIP: {get_attr: [TenantPort, ip_address]}
700 TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
701 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
702 MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
703 CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
704 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
705 HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
# Exposes the Controller server resource; the output is only defined when the
# server is not blacklisted.
706 nova_server_resource:
707 description: Heat resource handle for the Nova compute server
709 {get_resource: Controller}
710 condition: server_not_blacklisted
# The two outputs below publish MD5 digests of the TLS key modulus and the
# certificate modulus as reported by NodeTLSData, presumably so a consumer can
# check that key and certificate match or detect a change -- confirm against
# the caller. For an RSA key the modulus is the public part, so the digest
# does not expose the private key. MD5 is not collision resistant: use these
# values as a comparison aid only, never as integrity or authenticity
# evidence.
712 description: MD5 checksum of the TLS Key Modulus
713 value: {get_attr: [NodeTLSData, key_modulus_md5]}
714 tls_cert_modulus_md5:
715 description: MD5 checksum of the TLS Certificate Modulus
716 value: {get_attr: [NodeTLSData, cert_modulus_md5]}